Fireblocks integration within Defender

You can directly submit transactions to Fireblocks from Defender. Fireblocks is a robust asset management solution that utilizes multi-party computation to secure all treasury operations, ensuring enhanced security and efficiency.

Pre-requisites

  • If you want leverage Fireblocks within Defender you can contact the OZ team to enable to Fireblocks integration for your account.

1. Generate CSR file

  1. To use this feature, navigate to the Settings page and click on Approval Process in the sidebar. If the Fireblocks integration is enabled for your account, go to the Integrations tab, which is located next to the All Approval Process tab.

    Integration tab
  2. Click on Generate new API Key for Fireblocks. Here, you will need to generate a Certificate Signing Request (CSR), which will be used within the Fireblocks platform to enable this feature and create API keys.

    CSR Generation Modal

    This will trigger Defender to generate a public/private key-pair. The CSR is then generated and signed with the private key and securely stored to prevent leakage.

2. Create Fireblocks API user

  1. First, you will need to import the CSR within the Fireblocks UI when creating a new API user. Note that the API user will require any role that can at least initiate transactions, e.g. Signer.

    Create API user
  2. Once the API user has been created and approved by the Fireblocks workspace owner, copy the Fireblocks API key and navigate to the Fireblocks API Keys page. You should see an incomplete API key setup, which you can then edit and complete with the Fireblocks API key. Note that you will not be able to generate a new CSR file unless you complete the setup or delete the previous incomplete one.

    API Key generated

3. Connect Fireblocks with Defender

  1. First, navigate to the Settings page subsequently click Approval Process in the sidebar, the navigate to the Integrations tab. Over here click on the Paste API Key from Fireblocks.

    Insert API Key Defender
  2. Insert the Fireblocks API key.

    Insert API key
    To submit a transaction to Fireblocks via Defender, ensure the correct permissions are set in Fireblocks, such as the relevant whitelisted addresses and the Transaction Access Policy (TAP). For example, you might need to whitelist the contract address you wish to interact with, as well as ensure that the newly created API user is allowed to interact with the relevant account and vaults (defined in the TAP).

4. Create Approval Process

  1. Once configured, you will be able to submit a transaction via a proposal. Select a Fireblocks approval process, the API key and the vault you wish to initiate the transaction from. Once submitted, Defender will track the status of the transaction. Note, Defender will not allow you to approve or reject a transaction from the UI. This is only possible via the Fireblocks mobile app or console.

    Create Defender Approval Process